Using the Legal System To Access Customer Data

Filed Under Security

A week or so ago Microsoft dug into a customer’s Hotmail account in order to track down some information about code that had been stolen from Microsoft. Their terms and conditions specifically allowed them to do this, but despite that they received a fair amount of criticism.

With this announcement they have decided to change their policy. Now they will only access private customer data in response to a law enforcement request — if a similar situation arises, they will ask law enforcement to investigate (by asking them to provide the data).

This is an excellent decision. Our legal system may not be perfect, but it has all kinds of checks and balances built in to prevent abuses and to balance individuals’ rights against the public need to perform investigations. Rather than inventing their own “legal system” for adjudicating such things fairly, Microsoft is taking advantage of the existing system our society has built up over centuries. Other “cloud providers” (for that is exactly what web mail is) should adopt the same policy.

CAPTCHAs

Filed Under Security, Technology

CAPTCHAs are those odd little boxes that show some badly malformed letters and numbers and ask you to type them in. The idea is to check whether you are a human.

The problem is that CAPTCHAs are pretty difficult for humans. And they’re fairly easy for computers. There are the simple work-arounds (like paying to break CAPTCHAs on Mechanical Turk). And there are the high-tech solutions where you simply build a computer that can solve them. My biggest concern though is the new kind of CAPTCHA that people have begun using. I find it to be a real problem, and it, too, can be worked around by anyone who is sufficiently motivated, but it is becoming a disturbingly common new way of identifying real humans:

Log In With Facebook

I dream of Satoshi Nakamoto

Filed Under Programming, Security

“Satoshi Nakamoto” is the alias of the anonymous person who invented and published the protocol for Bitcoin. So far, no one knows for sure who it is, although attempts have been made to unmask the person (or people) by an analysis of their writing style and similar indicators. Now, in a blog post, Sergio Demian Lerner has found a way to recognize coins mined by the same computer and has picked out the distinctive pattern of a certain individual who began mining almost from block one and continued mining at a consistent rate with regular restarts for a long time, without spending any of those coins.

This, he says, is Satoshi, and I applaud Sergio for this clever way to recognize an individual miner. Like Sergio, I am pleased that Satoshi’s fortune in Bitcoins is now apparently worth around $100 million USD. But Sergio also suggests that he expects this will lead to the unmasking of Satoshi once others track this to a Bitcoin somewhere which HAS been spent. (Bitcoin has many advantages, but it is NOT fully anonymous: in fact, anyone can track a payment back to see which (anonymous) account it came from previously.)

I hope he is wrong about the unmasking. I prefer to imagine that Satoshi Nakamoto is living and working a normal job, still haunting cryptography boards in the evenings and on weekends, and occasionally checking the news to see how that Bitcoin thing is progressing. I imagine that someday, many years from now, when she dies her husband will open that envelope she left in the safe-deposit-box and it will contain a hard drive and stack of papers labeled “Now that I am gone, please publish this for the world to read.”

Okay, it’s just a romantic dream, but I’m hanging onto it as long as I can.

Using a Mix of Computers and Humans for Security

Filed Under Security

Suppose that your bank offers currency conversion as a service: give them a deposit or make a withdrawal in euros and they’ll adjust your balance in dollars. They don’t do this out of the goodness of their hearts: today’s conversion rate is around 1.28 $ / €, so they’d give you 0.75 € for every $ and 1.25 $ for every €, and so they’d make a good 6.5% margin on the conversions.